CWE-260: CWE-260

Total CVEs: 10
Critical: 3
High: 2
Avg CVSS: 7.5

Yearly Trend

2025: 9
2023: 1

Top Affected Vendors

1. IBM: 4
2. MiniDVBLinux: 1
3. SonicWall: 1

All CWE-260 CVEs (10)

CVE-2025-57754 (CVSS 9.8, Aug 21, 2025)

The eslint-ban-moment ESLint plugin versions 3.0.0 and earlier expose a sensitive Supabase URI with embedded credentials in the .env file. This allows...

CVE-2023-34128 (CVSS 9.8, Jul 13, 2023)

This vulnerability involves hardcoded Tomcat application credentials in SonicWall GMS and Analytics configuration files. Attackers who can access thes...

CVE-2025-25022 (CVSS 9.6, Jun 3, 2025)

This vulnerability allows unauthenticated users to access sensitive configuration files in IBM QRadar Suite and IBM Cloud Pak for Security deployments...

CVE-2025-32111 (CVSS 8.7, Apr 4, 2025)

This CVE describes a GitHub Actions workflow vulnerability in acme.sh Docker images where the checkout action lacks 'persist-credentials: false', pote...

CVE-2023-53770 (CVSS 7.5, Dec 9, 2025)

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to retrieve complete system configurati...

CVE-2025-33119 (CVSS 6.5, Nov 12, 2025)

IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 store user credentials in configuration files that are committed to source control. This allows authen...

CVE-2024-45673 (CVSS 5.5, Feb 21, 2025)

This vulnerability allows local users to read stored user credentials from configuration files in affected IBM Security products. It affects IBM Secur...

CVE-2025-51540 (CVSS 5.3, Aug 19, 2025)

EzGED3 3.5.0 uses MD5 double-hashing without salting for password storage, making stored credentials vulnerable to offline brute-force attacks if pass...

CVE-2025-36100 (CVSS 5.1, Sep 7, 2025)

IBM MQ stores passwords in client configuration files when trace functionality is enabled, allowing local users to read sensitive credentials. This af...

CVE-2023-53739 (CVSS N/A, Dec 9, 2025)

CVE-2023-53739 allows unauthenticated remote attackers to download configuration backup files from Tinycontrol LAN Controller v3 LK3 devices, exposing...

About CWE-260 (CWE-260)

Our database tracks 10 CVEs classified as CWE-260, with 3 rated critical and 2 rated high severity. The average CVSS score for CWE-260 vulnerabilities is 7.5.

External reference: CWE-260 on MITRE CWE.
